https://www.npr.org/2020/06/21/880963592/vehicle-attacks-rise-as-extremists-target-protesters

That a kill switch cannot be prophylactically applied to all non-emergency vehicles in the vicinity of a protest exposes pedestrian marchers to heinous and violent reprisals. A localized kill switch won't halt a '63 Chevy Impala.

Kill switch vulnerabilities have appeared repeatedly in comp.risks:

https://catless.ncl.ac.uk/Risks/27/11#subj3.1
https://catless.ncl.ac.uk/Risks/27/84#subj10.1
https://catless.ncl.ac.uk/Risks/28/24#subj12.1
https://catless.ncl.ac.uk/Risks/28/25#subj5.1
https://catless.ncl.ac.uk/Risks/30/29#subj4.1

In https://catless.ncl.ac.uk/Risks/28/25#subj5.1, Jonathan Zittrain <zittrain@law.harvard.edu> states: "I know I've long inveighed against vendor (and, by proxy, government) control over consumer technology, and I still think that's a central threat to both open code and free speech. But all of that otherwise-worrisome tech applied to weapons seems to invert the equities."

Given that kill switches are not readily viable solutions: Laying traffic spikes across intersections and at start/end points traversed by protesters might suppress vehicle ramming incidents. Public safety offices require advanced notification to deploy traffic spikes given a march route and duration estimate. Protest planning forbearance reduces flash-mob spontaneity, but can enhance pedestrian safety that appears absent today.
https://arstechnica.com/information-technology/2020/06/chrome-extensions-with-33-million-downloads-slurped-sensitive-user-data/ The extensions, which Google removed only after being privately notified of them, actively siphoned data such as screenshots, contents in device clipboards, browser cookies used to log in to websites, and keystrokes such as passwords, researchers from security firm Awake told me. Many of the extensions were modular, meaning once installed, they updated themselves with executable files, which in many cases were specific to the operating system they ran on. Awake provided additional details in this report. https://cdn2.hubspot.net/hubfs/3455675/wp-the-internets-new-arms-dealers-malicious-domain-registrars.pdf
Document dump comes almost 4 weeks after murder by police of George Floyd. https://arstechnica.com/tech-policy/2020/06/blueleaks-airs-private-data-from-more-than-200-us-police-agencies/
In what may be the first known case of its kind, a faulty facial recognition match led to a Michigan man's arrest for a crime he did not commit. https://www.nytimes.com/2020/06/24/technology/facial-recognition-arrest.html
FCC asks public to describe experiences during last week's 13-hour outage. https://arstechnica.com/tech-policy/2020/06/if-t-mobiles-giant-outage-affected-you-nows-your-chance-to-tell-the-fcc/
*Glupteba creates a backdoor into infected Windows systems - and researchers think it'll be offered to cyber criminals as an easy means of distributing other malware.*

A malware campaign which creates a backdoor providing full access to compromised Windows PCs, while adding them to a growing botnet, has developed some unusual measures for staying undetected.

Glupteba first emerged in 2018 and started by gradually dropping more components into place on infected machines in its bid to create a backdoor to the system. The malware is continuously in development and in the last few months it appears to have been upgraded with new techniques and tactics to coincide with a new campaign which has been detailed by cybersecurity researchers at Sophos. <https://www.zdnet.com/article/what-is-malware-everything-you-need-to-know-about-viruses-trojans-and-malicious-software/>

The paper <https://news.sophos.com/en-us/?p=67447> describes Glupteba as "highly self-defending malware" with the cyber criminal group behind it paying special attention to "enhancing features that enable the malware to evade detection".

However, its method of distribution is relatively simple: it's bundled in pirated software, including cracked versions of commercial applications, as well as illegal video game downloads. The idea is simply to get as many users to download compromised applications which contain the Glupteba payload as possible.

To ensure the best possible chance of a successful compromise, the malware is gradually dropped, bit-by-bit onto the system to avoid detection by any anti-virus software the user may have installed. The malware also uses the EternalBlue SMB vulnerability to help it secretly spread across networks. <https://www.zdnet.com/article/why-the-fixed-windows-eternalblue-exploit-wont-die/>

But that isn't where the concealment and self-defence ends, because even after installation Glupteba goes out of its way to stay undetected. [...]
https://www.zdnet.com/article/this-sneaky-malware-goes-to-unusual-lengths-to-cover-its-tracks/
Jon Brodkin, Ars Technica, 18 Jun 2020 Woman who burned two police cars IDed by tattoo and Etsy review of her T-shirt. To some extent, every Internet user leaves a digital trail. So when a masked arsonist was seen on video setting fire to a police car on the day of a recent protest in Philadelphia, the fact that her face was hidden didn't prevent a Federal Bureau of Investigation agent from tracking down the suspect. The keys ended up being a tattoo and an Etsy review the alleged arsonist had left for a T-shirt she was wearing at the scene of the crime, according to the FBI. https://arstechnica.com/tech-policy/2020/06/masked-arsonist-mightve-gotten-away-with-it-if-she-hadnt-left-etsy-review/
Ecommerce site's blind trust makes the service a perfect place to dump data. https://arstechnica.com/information-technology/2020/06/google-analytics-trick-allows-crooks-to-hide-card-skimming/
Blizzard has suspended or closed over 74,000 accounts in the last month. https://www.wired.com/story/world-of-warcraft-classic-russian-bots/
When the Defense Department flunked its first-ever fiscal review, one of our government's greatest mysteries was exposed: Where does the DoD's $700 billion annual budget go? Contains numerous mentions of huge IT project failures. https://www.rollingstone.com/politics/politics-features/pentagon-budget-mystery-807276/

Just over 50 years ago, Dwight Eisenhower gave his famous farewell address warning of the power of the "military-industrial complex." The former war commander bemoaned the creation of a "permanent armaments industry of vast proportions," and said the "potential for the disastrous rise of misplaced power exists and will persist."

Eisenhower's warning is celebrated by the left as a caution against the overweening political power of war-makers, but as we're now seeing, it was predictive also as a fiscal conservative's nightmare vision of the future. The military has become an unstoppable mechanism for hoovering up taxpayer dollars and deploying them in the most inefficient manner possible.
Recently, a certain national leader has directed that testing for the SARS-CoV-2 virus be "slowed" so that the numbers of new cases of the disease will be reduced. This is, of course, flatly ridiculous. Testing does not cause problems, it just reveals existing problems. And the lack of testing doesn't prevent problems, it only blinds you to the scope of the problem.

I have told my "testing" story before ... Oh, well, what the hey: I am reminded of a situation where sales and marketing was supposed to carry out virus scans before they installed our product. They had previously been using an inferior product, and I mandated that they use a more accurate product. At one point a machine was brought in as a problem. First step in my process was to scan the machine, and, sure enough, it was infected.

"Did you scan it?"
"Yes."
"Did you use the right scanner?"
"Well, no, we used the old one."
"Why did you use the old scanner, when I've specified that you have to use the new one?"
"Well, when we use the one you told us to, it finds viruses ..."
https://www.nature.com/articles/d41586-020-01834-3
The German company's share price has plunged 80 percent, and its longtime chief executive has resigned. https://www.nytimes.com/2020/06/19/business/wirecard-scandal.html
Shows of support from Facebook, Twitter and YouTube don't address the way those platforms have been weaponized by racists and partisan provocateurs. https://www.nytimes.com/2020/06/19/technology/facebook-youtube-twitter-black-lives-matter.html
Small businesses say the Twitter chief's other company is holding on to 30 percent of their customers' payments during the pandemic. https://www.nytimes.com/2020/06/23/technology/square-jack-dorsey-pandemic-withholding.html
Doctors look to these digital calculators to make treatment decisions, but they can end up denying black patients access to certain specialists, drugs and transplants. https://www.nytimes.com/2020/06/17/health/many-medical-decision-tools-disadvantage-black-patients.html
After claiming some credit for the fizzling of President Trump's rally in Oklahoma, the online armies of Korean pop music listeners are feeling prepared and empowered. https://www.nytimes.com/2020/06/22/arts/music/k-pop-fans-trump-politics.html
> The title Monty sent me is the one online, which says `Stans' instead of
> `Fans'.

"A crazed and or obsessed fan. The term comes from the song Stan by eminem. The term Stan is used to describe a fan who goes to great lengths to obsess over a celebrity." https://www.urbandictionary.com/define.php?term=Stan

[Thanks to at least a dozen readers for helping my education. I stans corrected. But I remember Stan Laurel and Oliver Hardy, whom all but the oldest RISKS readers probably don't. PGN]
In article <566E5F5C-2B19-4E1E-AF1D-0F1194EDC43B@keio.jp> you write:

> Silicon Valley Can't Be Neutral in the U.S.-China Cold War --
> https://foreignpolicy.com/2020/06/22/zoom-china-us-cold-war-unsafe

> In other words, Zoom is rolling out a "one-company, two-systems model" --
> participants in China would be subject to censorship, but those outside of
> China would not.

I agree this is pretty creepy, but how is this fundamentally different from the way that EU laws like right to be forgotten make search engine results in Europe omit stuff that is included other places?

If you're going to operate in a country at all, you have to follow the country's rules. I expect I would have a different answer to whether I'd operate in China.